LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-16-2003, 11:30 AM   #1
Belyle
LQ Newbie
 
Registered: Apr 2003
Location: South Africa, Bloemfontein
Distribution: Red Hat 7.3
Posts: 2

Rep: Reputation: 0
Iptables with gShield running over it


Hello people. I am running Red Hat 7.3 with iptables v 1.2.8 on and kernel v 2.4.18-3
If I lsmod I do see the iptables modules loaded, but when I want to restart gShield.rc it gives me this.

[root@TheVault root]# /etc/firewall/gShield.rc
[gShield] initializing v2.7.1
[gShield] interface eth1 up
[gShield] default TCP response set to REJECT with tcp-reset
[gShield] default UDP response set to REJECT with icmp-port-unreachable
[gShield] default logging rate limit set to 20/m
[gShield] not logging ICMP
[gShield] 192.168.1.0/24 authorized for NAT
[gShield] 10.0.0.1/8 authorized for NAT
iptables v1.2.8: host/network `--dport' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.8: invalid TCP port/service `-j' specified
Try `iptables -h' or 'iptables --help' for more information.
[gShield] Forwarding tcp : -> : for
[gShield] allowing all ICMP at rate of 60/m
[gShield] allowing all traceroutes
[gShield] ftpd publically accessible
[gShield] sshd publically accessible
/etc/firewall/gShield.rc: /etc/firewall/sourced/services.rules: line 320: syntax error near unexpected token `|RETURN)'
/etc/firewall/gShield.rc: /etc/firewall/sourced/services.rules: line 320: ` return|RETURN)'
[gShield] error: cannot load services.rules.

Please, if you have some info on this share...I am a newbie on the edge
 
Old 04-16-2003, 12:13 PM   #2
croftale
LQ Newbie
 
Registered: Jan 2003
Location: North Attleboro, MA
Distribution: Fedora Core 2
Posts: 6

Rep: Reputation: 0
Lightbulb

Following is a section of that services.rules file. Please note the syntax of the case. Could it be that there isn't the double ";" before the next test? I would search through the file looking at that point and verify that the syntax is correct. As to the other error, could it be possible that you are trying to activate or control a service not entered in /etc/services?
Without seeing all your configuration files, it is hard to tell what is going on.


# ------ [ IDENTD_SERVICE ] ------ #
case "$IDENTD_SERVICE" in
open|OPEN|PUBLIC|public|YES|yes)
SYSLOG "identd publically accessible"
$IPTABLES -A INPUT -p tcp -s $REMOTENET -d $EXTERNALIP --dport 113 -j PUBLIC
$IPTABLES -A INPUT -p udp -s $REMOTENET -d $EXTERNALIP --dport 113 -j PUBLIC
;;
forward|FORWARD)
SYSLOG "identd accessible and forwarded to $IDENTD_HOST"
$IPTABLES -A FORWARD -p tcp -d $IDENTD_HOST --dport 113 -j ACCEPT
$IPTABLES -A FORWARD -p udp -d $IDENTD_HOST --dport 113 -j ACCEPT
$IPTABLES -t nat -A PREROUTING -p tcp -d $EXTERNALIP --dport 113 -j DNAT --to $IDENTD_HOST:113
$IPTABLES -t nat -A PREROUTING -p udp -d $EXTERNALIP --dport 113 -j DNAT --to $IDENTD_HOST:113
;;
return|RETURN)
$IPTABLES -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset
;;

reject|REJECT)
$IPTABLES -A INPUT -p tcp --dport 113 -j REJECT
;;

no|NO|CLOSED|closed)
;;

*)
SYSLOG "Error: Please check defined identd variables in gShield.conf"
esac
 
Old 04-17-2003, 03:01 AM   #3
Belyle
LQ Newbie
 
Registered: Apr 2003
Location: South Africa, Bloemfontein
Distribution: Red Hat 7.3
Posts: 2

Original Poster
Rep: Reputation: 0
Thanks, I looked at the /etc/firewall/sourced/services.rules file and the ";;" was missing from the line just above line 320.

So that is sorted out now.

Only problem that remains now is this one :
iptables v1.2.8: host/network `--dport' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.8: invalid TCP port/service `-j' specified
Try `iptables -h' or 'iptables --help' for more information.

I am not sure what to "look" for in the /etc/services.
What other configuration files should I be looking at?

But thanx for the help so far.
 
Old 04-17-2003, 08:37 AM   #4
croftale
LQ Newbie
 
Registered: Jan 2003
Location: North Attleboro, MA
Distribution: Fedora Core 2
Posts: 6

Rep: Reputation: 0
An old trick I used to use when I did programming eons ago was to put print/echo statements at steps through the program/script. This allowed you to pinpoint an area in the script and narrow it down so that you could isolate the problem/bug. Then when you run it, look at the comment just before and just after the error and that should put you at the point in the script.
Let me know what you find.
Ed.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
IPTABLES is running ? How? aurelio26 Linux - Newbie 7 11-20-2004 02:30 AM
Gshield on Mandrake 9 arenaz Linux - General 2 07-10-2003 09:48 AM
gShield - default drop ???? bluehz Linux - Security 3 07-17-2002 12:18 AM
gShield and VPN kleanthis Linux - Security 2 05-17-2002 08:10 PM
gShield question natto34 Linux - Newbie 1 04-07-2002 02:06 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 02:20 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration